Mid-Year Audit Meeting 08-26-02 FINAL

Thion - Default

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

35 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Informations

Publié par	Thion
Nombre de lectures	32
Langue	English

Extrait

An Analysis of the Fraud Triangle

Incentive/Pressure

Fraud Risk

Opportunity Attitude/Rationalization

By

Jerry L. Turner, The University of Memphis
Theodore J. Mock, University of Southern California
Rajendra P. Srivastava, University of Kansas

January 2003

AN ANALYSIS OF THE FRAUD TRIANGLE

ABSTRACT

The concept of a “Fraud Triangle” is introduced to the professional literature in
SAS No. 99, Consideration of Fraud in a Financial Statement Audit. The Fraud Triangle
consists of three conditions generally present when fraud occurs: Incentive/Pressure,
Opportunity, and Attitude/ Rationalizations. Input from forensic experts, academics and
others consistently show that evaluation of information about fraud is enhanced when
auditors evaluate in the context of these three conditions. To examine the impact of the
fraud triangle on the audit process, this paper develops an evidential network that has two
major sub-networks: one to capture risk and evidential relationships for a conventional
financial statement audit and the other to capture the risk and evidential relationships for
fraud risk assessment. These networks use the Belief Functions approach to express the
uncertainties involved in the evidence in a financial statement audit. The results of the
analyses support the concept of the fraud triangle in that the three components and the
relationships between those components are shown to have a substantial impact on audit
risk.

i
AN ANALYSIS OF THE FRAUD TRIANGLE

INTRODUCTION

The main objectives of this research are to present a baseline model of audit risk
that incorporates the risk of fraud; to determine reasonable combinations of audit
evidence for this model that will result in an assessment of audit risk of approximately
0.05 or less; and most importantly, to enhance this model to incorporate the requirements
of a recent Exposure Draft (AICPA 2002) intended to modify SAS No. 82. The
characteristics of this enhanced model then are formally evaluated. These models are
based on prior research into evidential audit networks (Srivastava and Shafer 1992), into
audit planning (Mock et al.1998) and into fraud risk assessment (Turner et al.2002).
To achieve these objectives, this paper develops an evidential network that has two
major sub-networks: one to capture risk and evidential relationships for a conventional
financial statement audit and the other to capture the risk and evidential relationships for
fraud risk assessment. Given that prior research (Turner et al. 2002) has investigated the
basic features of this type of framework, this paper investigates more complex
relationships between the main factors that seem to affect fraud and audit risk.
Specifically, the following research questions are investigated in this paper:
RQ1: What is the effect on Audit Risk of an interaction between Incentives and
Management Integrity?
RQ2: What is the effect on Audit Risk of interactions between Incentives and
Management Integrity and Opportunities and Management Integrity?
RQ3: What is the effect on Audit Risk of Modified Audit Procedures?

BACKGROUND AND PRIOR RESEARCH

Audit risk is defined in SAS No. 47, Audit Risk and Materiality in Conducting an
Audit, as “The risk that the auditor may unknowingly fail to appropriately modify his or
her opinion on financial statements that are materially misstated.” (AICPA 1984, ¶02).
Audit risk is represented in the form of a model in the SAS and is decomposed into three
separate risks: inherent risk, control risk, and detection risk. This model is designated as
the Audit Risk Model (ARM).
To increase awareness of the possibility of fraud, SAS No. 82, Consideration of
Fraud in a Financial Statement Audit (AICPA 1997), was issued in February 1997.
While not modifying the basic ARM, it provides expanded operational guidance on the
auditor’s consideration of material fraud in conducting a financial statement audit.
Effective for audits of financial statements for periods ending on or after December 15,
1997, SAS No. 82 clarifies but does not increase the auditor’s responsibility to detect
fraud. That responsibility still is framed by the key concepts of materiality and reasonable
assurance (Mancino 1997).
Under SAS No. 82, auditors are required in every audit to specifically assess the
risk of material misstatement of the financial statements due to fraud and to continue to
assess that risk throughout the audit. SAS No. 82 describes two types of fraud that may
result in financial statement misstatements: fraudulent financial reporting and
misappropriation of assets. For fraudulent financial reporting, SAS No. 82 identifies three
categories of risk factors: management’s characteristics and influence over the control
environment, industry conditions, and operating characteristics and financial stability. For
misappropriation of assets, two categories are identified: susceptibility of assets to
2
misappropriation and controls. For each of the five categories, examples of situations that
might indicate fraud are provided. If any risk factors are identified, the auditor is required
to determine if planned audit procedures need to be modified.
When SAS No. 82 was issued, the Auditing Standards Board (ASB) indicated that
once the SAS has been in use for two busy seasons, it would be evaluated as to how well
it had accomplished its objectives and that any further steps that need to be taken would
be identified. This led to five research projects funded by the AICPA and a number of
other studies aimed at increasing our understanding of the risk of fraud and its effects on
audit risk. The resulting research clearly was helpful in providing insights about the
effects of SAS No. 82, including identifying specific issues for further research on fraud
deterrence and detection.
In February 2002, after evaluating the impact of SAS No. 82, the ASB released an
Exposure Draft (ED) intended to expand required audit procedures to address material
financial statement fraud. The ED emphasized considering a client’s susceptibility to
fraud, regardless of the auditor’s past experience with the entity or prior beliefs about
management’s honesty and integrity. Among others, the new standard would require that:
• Auditors must broaden the range of information they use to assess the risks of
material misstatement due to fraud, beyond the fraud risk factors provided in SAS
No. 82.
• Auditors must consider management’s programs and controls to address risks and
determine whether such programs and controls will mitigate or exacerbate the
identified risks.
• Auditors must develop an appropriate response for each fraud risk identified.

3
Montgomery, et al. (2002) provide an analysis of the requirements of the ED and
introduce the concept of “The Fraud Triangle” consisting of three conditions generally
present when fraud occurs: Incentive/Pressure, Opportunity, and Attitude/
Rationalizations. Input from forensic experts, academics and others consistently showed
that evaluation of information about fraud was enhanced when auditors considered it in
the context of these three conditions.
The ED emphasizes obtaining a broader range of information to serve as the
foundation for an assessment that goes beyond considering the fraud risk factors provided
in SAS No. 82. The various sources of information—the audit team discussion, inquiries
of management and others, consideration of fraud risk factors, the results of planning
analytical procedures, information from the client acceptance or continuance process and
from reviews of interim financial statements—all feed into the auditor’s evaluation of
fraud risks.
Audit Risk and Fraud Risk

Subsequent to the issuance of SAS No. 47, several different approaches to
developing a model of audit risk and of the ARM have been presented. For example,
Srivastava et al. (1996) use a belief-functions framework to model the audit planning and
evaluation process for accounts receivable for a health care unit. In doing so, they
demonstrate the viability of Auditor’s Assistant, an expert system shell to automate the
belief functions propagation in networks. In addition, sensitivity analyses were performed
to determine the impact of the strength of evidence as a function of location in the
network, and to investigate the effect of variability in the input strengths on the overall
belief on each variable in the network (Srivastava and Lu 2002).
4
Dutta et al. (1998) examine the ARM using a belief-function framework that
considers the risks faced by auditors due to random errors, defalcations (employee fraud)
and management fraud. They consider two cases. In the first, they consider only
affirmative items of evidence and derive an analytical formula for audit risk. In the
second, they consider mixed items of evidence (both affirmative and negative), which
models the situation more frequently faced by auditors. They demonstrate that a serious
un